The ngrok blog

Manage sensitive values securely, reuse them across policies, and rotate them without editing policies—now open to everyone who's open to using the ngrok CLI!

HIPAA compliance opens ngrok for healthcare workloads—API gateways, webhook handling, and remote access with ePHI securely in transit.

The shortest path to the best of all worlds: AI-driven automation, simple deployments with containers and a GUI, and a gateway to knit it all together securely.

While you can send a "no thanks" error code and response body, close-connection is perfect for situations where you'd rather just definitively close the door.

Smithery is building tools to help you build, test, and distribute your MCPs on one side, and a "Google for MCPs" on the other—here's how they do it with ngrok.

Two new Traffic Policy actions, powered by OWASP CRS, drop malicious requests and responses at the edge, with no extra WAF service required.

We've brought .Status.Addresses for ExternalDNS, gateway status conditions that match community standards, and are prepping for the EOL of edges.

The story of `nd`, why we surface what’s happening under the hood, and lean on proven tools so developers can work faster and troubleshoot smarter.

How do they build gateways to route and authenticate traffic to blogs, OSS analytics services, photo-sharing apps, and much more with Traffic Policy?

From Docker Desktop, start an endpoint for your local containerized APIs or apps, the apply rules for auth, routing, or rate limits without leaving the UI.

We built an API gateway, then turned it on ourselves. Here's the full story of how we replaced nginx and now host ngrok.com with Kubernetes and Traffic Policy.

Securely install ngrok via the Microsoft Store for automatic updates and compatibility with app management tools.

Tips for making your Traffic Policy easier to read, debug, and evolve, without rewriting it every time your requirements shift.

Trigger internal services, validate requests, log events, connect to AI APIs, and generally give your gateway a brain with the new http-request action.

Secrets let you define and manage sensitive values in secure vaults—no more hardcoding or repetitive edits during regular credential rotations.

Shinobi’s AI red team agents test apps before attackers do, and with ngrok's Traffic Policy, they can integrate with customer's unique topology in minutes.

Embed a secure gateway into your Go app in one function call and run it anywhere—then make it soar by managing traffic with Traffic Policy.

Load balancing isn't just for scaling replicas—see what else Endpoint Pools can do, like canaries and risk-free (or at least less risky!) gateway changes.

With ngrok Endpoint Pools, load balancing is just starting endpoints with the same URL. Zero config. Elastic scale. Cross-cloud ready.

Tired of spoofed headers? Use JA4 to fingerprint clients by their TLS handshake and take action with ngrok Traffic Policy.

Are search and AI bots invading your ngrok endpoints? Fight back with three developer-friendly traffic policies you can deploy in minutes.

Define lists, maps, and interpolated values inside your traffic management rules—then reference them anywhere—to make configs both simpler and more dynamic.

Simplify your Kubernetes ingress stack: global load balancing, DDoS protection, and flexible routing all built into ngrok’s Operator.

Deploy a Kubernetes cluster, install the ngrok Operator, and validate your Helm charts or deployments—all inside GitHub Actions. Fast, clean, and repeatable.

Run your service on localhost, interact with it from any of your clusters—or all of them at once. ngrok makes the K8s dev loop feel magical again.

Need custom certs? Want fast mTLS setup? ngrok’s terminate-tls action gives you complete TLS control from one declarative config.

This is how I help modern teams do site-to-site connectivity: no VPNs, no sprawl—just secure tunnels and full control.

Want remote access to your Kubernetes API without VPNs or other complicated networking? ngrok’s K8s Operator makes it secure, declarative, and RBAC-friendly.

You can't always control when your services crash, but with Traffic Policy and custom responses, you can build consistent and helpful error pages in a minutes.

Ditch complex SSH/RDP chains and VPNs—here's how I help folks use ngrok to create secure and dynamic access to remote services or sites with a single agent.

From Platform Engineering Day, to our booth at N611, to talks on Gateway API implementations and API gateway maturity, there are plenty of places to find us.

One ngrok agent per factory = secure IoT access, no open firewalls, no VPN pain. Learn how cloud endpoints simplify industrial connectivity.

Multicloud isn’t magic—it’s a mess of networking, configuration, security, and observability pain. API gateways can help—here’s how to fix it the easy way.

A composable API gateway means total flexibility. Learn how ngrok's endpoints and Traffic Policy make exposing, routing to, securing, and scaling APIs a cinch.

Have you ever wanted an ngrok endpoint that doesn’t go offline when you get disconnected from the internet? Now possible with always-on cloud endpoints.